f8b363e08926bb7a5b05e8f63c022c73a5bd718662e81ea8954b9f9847b17f39

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

268f22953e14d20e5519e6ae44a77783.exe
Size

361KB
MD5

268f22953e14d20e5519e6ae44a77783
SHA1

e2875310255370a80b2f0a1df69cd29b6741f6c2
SHA256

f8b363e08926bb7a5b05e8f63c022c73a5bd718662e81ea8954b9f9847b17f39
SHA512

893b2727d4e5813fe9d68947a8acad4fcbece8807fb41703846f0ca1c963e0bafd946cd3be41da0b3bc4ba33f573bf26d5be6a50c1bcddd307dcd28412d759e3
SSDEEP

6144:zcYHw/yeB3BjlTi8CPArmdJJYawuuSd8e1au9TIKszlJ00d7oSR+F:zvQ/HB3NleF4i2luuSd3j9TI7zb0+7oB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3004-0-0x0000000000400000-0x0000000000510000-memory.dmp	upx
behavioral2/memory/3004-16-0x0000000000400000-0x0000000000510000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3004	268f22953e14d20e5519e6ae44a77783.exe
3004	268f22953e14d20e5519e6ae44a77783.exe
3004	268f22953e14d20e5519e6ae44a77783.exe
3004	268f22953e14d20e5519e6ae44a77783.exe
3004	268f22953e14d20e5519e6ae44a77783.exe

C:\Users\Admin\AppData\Local\Temp\268f22953e14d20e5519e6ae44a77783.exe
"C:\Users\Admin\AppData\Local\Temp\268f22953e14d20e5519e6ae44a77783.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\268f22953e14d20e5519e6ae44a77783.data

Filesize
635B

MD5
f32cdd728dde744f54e102ba20a1fdc7

SHA1
6eaeabbaa5d8af0b145764c5fc1c28cc40bfe969

SHA256
44a4ec6dd0ae4f6d9fa7e8e95798098ca951855c8fda7b16f305734d5b9e03fb

SHA512
a9c6c5294cd9ea7488305065d37e0790330624123424399b5a7d6b7f9ed0b97194c60883d8ab9ac5c5b270f55e45a0dac0dd64c8e93983ff22c4d8e753d0a4e8

Download Submit
C:\Users\Admin\AppData\Roaming\GetRightToGo\268f22953e14d20e5519e6ae44a77783.htm

Filesize
622B

MD5
d8f474e392fa27ae1f0ca616a6aa7519

SHA1
62e3f3be9fd78744d3aaa5c4811eac2762a33a6c

SHA256
5c205f021582e8312a2078472145008cb1d66abb7210c14d115a97e61af37a6b

SHA512
2c221f98c636e210a1ef406109f668ff91e2c687355b929d94be9fb37626df5c683bc0c7c2fdd88f90868351583f35dd37ce572151596b1452c303f427c5c629

Download Submit
memory/3004-0-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/3004-16-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download